7.5
CVE-2025-0482
- EPSS 0.6%
- Veröffentlicht 15.01.2025 20:15:28
- Zuletzt bearbeitet 29.04.2025 20:23:05
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Fanli2012 native-php-cms user_recoverpwd.php default credentials
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Native-php-cms Project ≫ Native-php-cms Version1.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.442 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-1392 Use of Default Credentials
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
https://github.com/Fanli2012/native-php-cms/issues/4
https://github.com/Fanli2012/native-php-cms/issues/4#issue-2769866348
https://vuldb.com/?ctiid.291927
https://vuldb.com/?id.291927
https://vuldb.com/?submit.475237